From: "evvers at ya dot ru" <sourceware-bugzilla@sourceware.org>
To: elfutils-devel@sourceware.org
Subject: [Bug libdw/28715] New: There seems to be an infinite loop in dwfl_segment_report_module
Date: Sun, 19 Dec 2021 20:41:44 +0000 [thread overview]
Message-ID: <bug-28715-10460@http.sourceware.org/bugzilla/> (raw)
https://sourceware.org/bugzilla/show_bug.cgi?id=28715
Bug ID: 28715
Summary: There seems to be an infinite loop in
dwfl_segment_report_module
Product: elfutils
Version: unspecified
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: libdw
Assignee: unassigned at sourceware dot org
Reporter: evvers at ya dot ru
CC: elfutils-devel at sourceware dot org
Target Milestone: ---
Created attachment 13863
--> https://sourceware.org/bugzilla/attachment.cgi?id=13863&action=edit
File causing an infinite loop
It was reported today in
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42645 . It can be
reproduced with `./src/stack`:
```
autoreconf -i -f
./configure --enable-maintainer-mode
make -j$(nproc) V=1
LD_LIBRARY_PATH="./libdw;./libelf" ./src/stack --core ../oss-fuzz-42645
```
According to eu-stack it's in dwfl_segment_report_module
```
PID 212089 - process
TID 212089:
#0 0x00007f6af3447cd5 dwfl_segment_report_module
#1 0x00007f6af344bf88 dwfl_core_file_report@@ELFUTILS_0.158
#2 0x0000000000402ec7 parse_opt
#3 0x00007f6af30da472 argp_parse
#4 0x00000000004024eb main
#5 0x00007f6af2fe9560 __libc_start_call_main
#6 0x00007f6af2fe960c __libc_start_main@@GLIBC_2.34
#7 0x0000000000402725 _start
```
Below is the backtrace OSS-Fuzz attached to the issue (with line numbers):
```
ALARM: working on the last Unit for 61 seconds
and the timeout value is 60 (use -timeout=N to change)
==822== ERROR: libFuzzer: timeout after 61 seconds
#0 0x4b22d4 in __sanitizer_print_stack_trace
/src/llvm-project/compiler-rt/lib/ubsan/ubsan_diag_standalone.cpp:31:3
#1 0x457438 in fuzzer::PrintStackTrace() cxa_noexception.cpp:0
#2 0x43c329 in fuzzer::Fuzzer::AlarmCallback() cxa_noexception.cpp:0
#3 0x7f1be648c3bf in libpthread.so.0
#4 0x4aea5b in atomic_exchange<__sanitizer::atomic_uint32_t>
/src/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_atomic_clang.h:67:7
#5 0x4aea5b in acquire
/src/llvm-project/compiler-rt/lib/ubsan/ubsan_value.h:60:21
#6 0x4aea5b in handleNegateOverflowImpl(__ubsan::OverflowData*, unsigned
long, __ubsan::ReportOptions)
/src/llvm-project/compiler-rt/lib/ubsan/ubsan_handlers.cpp:251:34
#7 0x4aea2d in __ubsan_handle_negate_overflow
/src/llvm-project/compiler-rt/lib/ubsan/ubsan_handlers.cpp:277:3
#8 0x517854 in dwfl_segment_report_module
/src/elfutils/libdwfl/dwfl_segment_report_module.c:581:58
#9 0x4b8937 in dwfl_core_file_report
/src/elfutils/libdwfl/core-file.c:559:17
#10 0x4b388e in LLVMFuzzerTestOneInput /src/fuzz-dwfl-core.c:52:6
#11 0x43d953 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*,
unsigned long) cxa_noexception.cpp:0
#12 0x429592 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned
long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
#13 0x42edec in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char
const*, unsigned long)) cxa_noexception.cpp:0
#14 0x457bf2 in main
/src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#15 0x7f1be62800b2 in __libc_start_main
/build/glibc-eX1tMB/glibc-2.31/csu/libc-start.c:308:16
#16 0x407d4d in _start
```
--
You are receiving this mail because:
You are on the CC list for the bug.
next reply other threads:[~2021-12-19 20:41 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-19 20:41 evvers at ya dot ru [this message]
2021-12-20 0:44 ` [Bug libdw/28715] " mark at klomp dot org
2021-12-20 2:40 ` evvers at ya dot ru
2021-12-20 11:41 ` evvers at ya dot ru
2021-12-20 15:39 ` evvers at ya dot ru
2021-12-20 15:47 ` evvers at ya dot ru
2021-12-20 17:25 ` mark at klomp dot org
2021-12-20 17:38 ` mark at klomp dot org
2021-12-20 20:58 ` evvers at ya dot ru
2021-12-21 11:17 ` mark at klomp dot org
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-28715-10460@http.sourceware.org/bugzilla/ \
--to=sourceware-bugzilla@sourceware.org \
--cc=elfutils-devel@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).